471,872 Members | 1,271 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,872 software developers and data experts.

register - using PHP & MySQL

George Lft
ok, first of all, i built my register page using dreamweaver tool which the codes haven been out of control. Now i'm thinking that turning over everything - by using this another set of codes. And these new sets of codes have overwhelmed me a bit. Here's the new code:
Expand|Select|Wrap|Line Numbers
  2. CREATE TABLE `users` ( 
  3.   `ID` int(11) NOT NULL auto_increment, 
  4.   `Username` varchar(255) NOT NULL, 
  5.   `Password` varchar(255) NOT NULL, 
  6.   `Temp_pass` varchar(55) default NULL, 
  7.   `Temp_pass_active` tinyint(1) NOT NULL default '0', 
  8.   `Email` varchar(255) NOT NULL, 
  9.   `Active` int(11) NOT NULL default '0', 
  10.   `Level_access` int(11) NOT NULL default '2', 
  11.   `Random_key` varchar(32) default NULL, 
  12.   PRIMARY KEY (`ID`), 
  13.   UNIQUE KEY `Username` (`Username`), 
  14.   UNIQUE KEY `Email` (`Email`) 
<?php require_once('db.php');

if($_POST['username']!='' && $_POST['password']!='' &&
$_POST['password']==$_POST['password_confirmed'] && $_POST['email']!='' &&
valid_email($_POST['email'])==TRUE && checkUnique('Username', $_POST['username'])==TRUE
&& checkUnique('Email', $_POST['email'])==TRUE)
$query = mysql_query("INSERT INTO users (`Username` , `Password`, `Email`, `Random_key`) VALUES
'".mysql_real_escape_string($_POST['email'])."', '".random_string('alnum', 32)."')") or die(mysql_error());

$getUser = mysql_query("SELECT ID, Username, Email, Random_key FROM users WHERE Username = '".mysql_real_escape_string($_POST['username'])."'") or die(mysql_error());

if(mysql_num_rows($getUser)==1) {//there's only one MATRIX P

$row = mysql_fetch_assoc($getUser);
$headers = 'From: webmaster@ourdomainhere.com' . "\r\n" . 'Reply-To: webmaster@ourdomainhere.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion(); $subject = "Activation email from ourdomainhere.com";
$message = "Dear ".$row['Username'].", this is your activation link to join our website. In order to confirm your membership please click on the following link: http://www.ourdomainhere.com/confirm.php?ID=".$row['ID']."&amp;key=".$ row['Random_key']." Thank you for joining";

if(mail($row['Email'], $subject, $message, $headers)) {//we show the good guy only in one case and the bad one for the rest.

$msg = 'Account created. Please login to the email you provided during registration and confirm your membership.';
} else {
$error = 'I created the account but failed sending the validation email out. Please inform my boss about this cancer of mine'; }
else {
$error = 'You just made possible the old guy (the impossible). Please inform my boss in order to give you the price for this.'; }
else {
$error = 'There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match'; }

<?php if(isset($error)){ echo $error;}?>
<?php if(isset($msg)){ echo $msg;} else {//if we have a mesage we don't need this form again.?>

<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Username: <input type="text" id="username" name="username" size="32" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>" /><br />
Password: <input type="password" id="password" name="password" size="32" value="" /><br />
Re-password: <input type="password" id="password_confirmed" name="password_confirmed" size="32" value="" /><br />
Email: <input type="text" id="email" name="email" size="32" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>" /><br /> <input type="submit" name="register" value="register" /><br /> </form>

this has been confusing to me, I don't know how the sequence should be . First , I create this register.php. Then , i run it at register.php without creating another messsageProcess.php . Then it checks IF all fields are entered. The two passwords match each other.The username is not taken. The email address is valid and also uique as well.

There's another confirmation page to be built . but i can't get through this one. I'm confused by how should this codes work. Please note before this i had my legs up on my desk, and built it using this: easy

<?php require_once('Connections/newland_tours.php'); ?>
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
return $theValue;

// *** Redirect if username exists
if (isset($_POST[$MM_flag])) {
$loginUsername = $_POST['username'];
$LoginRS__query = sprintf("SELECT username FROM tbl_users WHERE username=%s", GetSQLValueString($loginUsername, "text"));
mysql_select_db($database_newland_tours, $newland_tours);
$LoginRS=mysql_query($LoginRS__query, $newland_tours) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);

//if there is a row in the database, the username was found - can not add the requested username
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "frm_register")) {
$insertSQL = sprintf("INSERT INTO tbl_users (firstName, lastName, username, pwd, userGroup, address1, city, state_province, zip_postal, country) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['firstName'], "text"),
GetSQLValueString($_POST['lastName'], "text"),
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['pwd'], "text"),
GetSQLValueString($_POST['userGroup'], "text"),
GetSQLValueString($_POST['address1'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['state_province'], "text"),
GetSQLValueString($_POST['zip_postal'], "text"),
GetSQLValueString($_POST['country'], "text"));

mysql_select_db($database_newland_tours, $newland_tours);
$Result1 = mysql_query($insertSQL, $newland_tours) or die(mysql_error());

$insertGoTo = "login.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
header(sprintf("Location: %s", $insertGoTo));

mysql_select_db($database_newland_tours, $newland_tours);
$query_conn_newland = "SELECT * FROM tbl_users";
$conn_newland = mysql_query($query_conn_newland, $newland_tours) or die(mysql_error());
$row_conn_newland = mysql_fetch_assoc($conn_newland);
$totalRows_conn_newland = mysql_num_rows($conn_newland);


The whole image i'm trying to create is , a register page that checks username. email = email2 , a random key to confirm by user clicking on a link before she can start using her new username and password. The second msg is sent to her wishing you congratulations ,successful login page. The problems with NO.1 codes is it don't check for username and re-enter password or anything - no validation .it's just plain , with no function embedded in the form text fields. I suppose i have to connect it to the db handcoding, but i only understand that using the second code. I'm trying to use it in the first one but stuck in the beginning
<?php require_once('db.php');[/php] . Where in the second code ,the old one - it's something like this
<?php require_once('Connections/newland_tours.php'); ?>.
aren't both the codes 1 and 2 are supposed to include :
// Set up connection to MySQL
$host = "localhost";
$user = "root";
$pwd = "";
$dbConn = mysql_connect($host,$user,$pwd);
// Connect to newland_tours database
$database = "newland_tours";
$query_rs_countries = "SELECT countryID, countryName FROM tbl_country ORDER BY countryName ASC";
$rs_countries = mysql_query($query_rs_countries);
$row_rs_countries = mysql_fetch_assoc($rs_countries);
?> [/php]

the irony is the code 2 is working smoothly, the code 1 not at all. The reasons i drop off code 2 is that it's insecured when storing password,not encrypted, - the hidden fields are written out in the code where access level can be hacked. as well as confirmation not made where i can get up getting 1000 new users in one day.

Pls send some light here

Thanks, happy working !
Jan 5 '08 #1
1 4138
4,258 Expert 4TB
It seems that no one read your thread or had any experience with this (I certainly have not). We are sorry we could not help you.

Maybe next time.

Feb 15 '08 #2

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

3 posts views Thread by James | last post: by
7 posts views Thread by AF | last post: by
8 posts views Thread by iteamhub | last post: by
reply views Thread by YellowAndGreen | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.